using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;

using GURUCORE.Lib.Core.Text;

namespace GURUCORE.Lib.Core.Security.Web
{
    /// <summary>
    /// LockeVN
    /// Avoid XSS attack at input of websystem
    /// </summary>
    public class XSS
    {
        private XSS()
        {
        }

        public static string Fix(string p_s)
        {
            // Open comments are dangerous
            p_s = TextHelper.FARA(p_s, "<!--", "", RegexOptions.IgnoreCase);
            p_s = TextHelper.FARA(p_s, "<!", "", RegexOptions.IgnoreCase);
            // p_s = Text.FARA( p_s, "<![CDATA[", "", RegexOptions.IgnoreCase);			
            p_s = TextHelper.FARA(p_s, "<?", "", RegexOptions.IgnoreCase);
            p_s = TextHelper.FARA(p_s, "<%", "", RegexOptions.IgnoreCase);

            p_s = TextHelper.FARA(p_s, "script", "5cript", RegexOptions.IgnoreCase);
            p_s = TextHelper.FARA(p_s, "cookie", "C00KIE", RegexOptions.IgnoreCase);
            p_s = TextHelper.FARA(p_s, "<object", "<0BJECT", RegexOptions.IgnoreCase);
            p_s = TextHelper.FARA(p_s, "applet", "app1et", RegexOptions.IgnoreCase);
            p_s = TextHelper.FARA(p_s, "embed", ".embed", RegexOptions.IgnoreCase);

            p_s = TextHelper.FARA(p_s, "<", "&lt;", RegexOptions.IgnoreCase);
            p_s = TextHelper.FARA(p_s, ">", "&gt;", RegexOptions.IgnoreCase);

            return p_s;
        }	// end fuction


    }	// class

}   // end namespace
